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ACTION 


International application No. 

PCT/EP 00/05017 


International filing date (day/ month/year) 

31/05/2000 


(Earliest) Priority Date (day/month/year) 

04/06/1999 


Applicant 

D'UDEKEM D'ACOZ, Xavier Guy Bernard 



This International Search Report has been prepared by this International Searching Authority and is transmitted to the applicant 
according to Article 1 8. A copy is being transmitted to the International Bureau. 

This International Search Report consists of a total of 3 sheets. 

fX~| rt is also accompanied by a copy of each prior art document cited in this report. 



Basis of the report 

a. With regard to the language, the international search was carried out on the basis of the international application in the 
language in which it was filed, unless otherwise indicated under this item. 

[ l the international search was carried out on the basis of a translation of the international application furnished to this 
Authority (Rule 23.1 (b)). 

b. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international search 
was carried out on the basis of the sequence listing : 

[~~] contained in the international application in written form. 

filed together with the international application in computer readable form, 
furnished subsequently to this Authority in written form, 
furnished subsequently to this Authority in computer readble form. 



2. 
3. 



□ 
□ 
□ 
□ 

□ 

□ 
□ 



the statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

the statement that the information recorded in computer readable form is identical to the written sequence listing has been 
furnished 

Certain claims were found unsearchable (See Box I). 
Unity of Invention Is lacking (see Box II). 



4. With regard to the title, 

[X] the text is approved as submitted by the applicant. 

[ j the text has been established by this Authority to read as follows: 



5. With regard to the abstract, 

|~X~| the text is approved as submitted by the applicant. 

I I the text has been established, according to Rule 38. 2(b), by this Authority as it appears in Box III. The applicant may, 
' — ' within one month from the date of mailing of this international search report, submit comments to this Authority. 

6. The figure of the drawings to be published with the abstract is Figure No. J 

[X] as suggested by the applicant. j J None of the figures. 

{ | because the applicant failed to suggest a figure. 

Q ] because this figure better characterizes the invention. 
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column 6, line 56 - line 61 
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figures 1-3 






abstract 




X 


US 5 442 704 A (HOLTEY THOMAS 0) 
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"P" document published prior to the international filing date but 
later than the priority date claimed 



T" later document published after the international filing date 
or priority date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

"X" document of particular relevance; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined with one or more other such docu- 
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See Notification of Transmittal of International 


D1544-PCT 


FOR FURTHER ACTION Preliminary Examination Report (Form PCT/I PEA/41 6) 


International application No. 


International filing date (day/month/year) 


Priority date (day/month/year) 


PCT/EPOO/050 17 


31/05/2000 


04/06/1 999 


International Patent Classification (IPC) or national classification and IPC 




G07F7/10 






Applicant 






D'UDEKEM D'ACOZ, Xavier Guy Bernard 





1 . This international preliminary examination report has been prepared by this International Preliminary Examining Authority 
and is transmitted to the applicant according to Article 36. 

2. This REPORT consists of a total of 6 sheets, including this cover sheet. 

E3 This report is also accompanied by ANNEXES, i.e. sheets of the description, claims and/or drawings which have 
been amended and are the basis for this report and/or sheets containing rectifications made before this Authority 
(see Rule 70.16 and Section 607 of the Administrative Instructions under the PCT). 

These annexes consist of a total of 2 sheets. 



3. This report contains indications relating to the following items: 



I 




II 


□ 


III 


□ 


IV 


□ 


V 




VI 


□ 


VII 




VIII 





citations and explanations suporting such statement 

Certain documents cited 

Certain defects in the international application 



Date of submission of the demand 
27/11/2000 


Date of completion of this report 
31.07.2001 


Name and mailing address of the international 
preliminary examining authority: 

European Patent Office 
/Ml D-80298 Munich 

Tel. +49 89 2399 - 0 Tx: 523656 epmu d 

Fax: +49 89 2399 - 4465 


Authorized officer ><S5ii*r\ 

Kampka, A (| j) 
Telephone No. +49 89 2399 2244 ^2^^ 
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INTERNATIONAL PRELIMINARY 
EXAMINATION REPORT 



International application No. PCT/E POO/0501 7 



I. Basis of the report 

1 . With regard to the elements of the international application (Replacement sheets which have been furnished to 
the receiving Office in response to an invitation under Article 14 are referred to in this report as "originally filed" 
and are not annexed to this report since they do not contain amendments (Rules 70. 16 and 70. 1 7)): 
Description, pages: 

1-17 as originally filed 

Claims, No.: 

1-10 as received on 29/06/2001 with letter of 26/06/2001 

Drawings, sheets: 

1/1 8-1 8/1 8 as originally filed 



2. With regard to the language, all the elements marked above were available or furnished to this Authority in the 
language in which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language: , which is: 

□ the language of a translation furnished for the purposes of the international search (under Rule 23.1 (b)). 

□ the language of publication of the international application (under Rule 48.3(b)). 

□ the language of a translation furnished for the purposes of international preliminary examination (under Rule 
55.2 and/or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the 
international preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in written form. 

□ filed together with the international application in computer readable form. 

□ furnished subsequently to this Authority in written form. 

□ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in 
the international application as filed has been furnished. 

□ The statement that the information recorded in computer readable form is identical to the written sequence 
listing has been furnished. 

4. The amendments have resulted in the cancellation of: 

□ the description, pages: 

IS the claims, Nos.: 11,12 
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□ the drawings, sheets: 

5. □ This report has been established as if (some of) the amendments had not been made, since they have been 
considered to go beyond the disclosure as filed (Rule 70.2(c)): 

(Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this 
report.) 



6. Additional observations, if necessary: 



V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 

1. Statement 



Novelty (N) 


Yes: 


Claims 


1 


- 10 




No: 


Claims 






Inventive step (IS) 


Yes: 


Claims 


1 


- 10 




No: 


Claims 






Industrial applicability (IA) 


Yes: 


Claims 


1 


- 10 




No: 


Claims 







2. Citations and explanations 
see separate sheet 



VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 



VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 
see separate sheet 
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Re Item V 

Reasoned statement under Art. 35(2) with regard to novelty, inventive step or industrial 
applicability; citations and explanations supporting such statement 

Reference is made to the following documents: 

D 1 : US-A-5 49 1 827 (HOLTE Y THOMAS O) 1 3 February 1 996 ( 1 996-02-1 3) 
D2: US-A-5 442 704 (HOLTEY THOMAS O) 1 5 August 1 995 (1 995-08-1 5) 
D3: US-A-4 982 378 (MATSUSHITA TSUYOSHI) 1 January 1991 (1991-01-01) 
D4: US-A-4 566 082 (ANDERSON RUSSELL Y) 21 January 1986 (1986-01-21) 
D5: US-A-3 972 028 (WEBER GERALD ET AL) 27 July 1 976 (1 976-07-27) 
D6: EP-A-0 347 321 (SGS THOMSON MICROELECTRONICS) 20 December 
1989 (1989-12-20) 

1. Document D1 discloses (see the abstract; col. 2, line 66 - col. 3, line 13; col. 6, 
lines 56 - 66 and col. 8, line 54 - col. 10, line 22) a card memory device in which 
there is direct data access to the memory units via a bus and the data access is 
not through a microprocessor. Thus there is no read in and read out from the card 
to and from the memory units which passes through the microprocessor. D1 has 
an interface logic 104 through which all data passes to and from the card, the 
various microprocessors are able to control this flow by influencing access to the 
memories but the data does not pass through these microprocessors as such. 

D2 discloses a prior art with similar architecture, see col. 2, line 57 - col. 3, line 34. 

2. Starting from D1 (or D2) the problem is to enhance the security. 

3. According to claim 1 , the device has the advantage that total control of the data 
and the addressing of the memory devices is possible by the microprocessor: "the 
microprocessor is adapted for routing through all data and address information 
sent to and sent by the card memory device". All the data to be written into or read 
out of the memory units from or to the external passes through the 
microprocessor. Hence, no external device obtains access to any of the address 
information of the memories. 
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Claim 9 defines a method corresponding to claim 1 . 

4. The applicant in his letter dated 26.06.2001 argued that an assumption that the 
interface logic in D1 could be replaced by a microprocessor would be based on ex 
post facto analysis, as there is no indication in D1 or the other prior art documents 
to do this. In comparison with the prior art, the invention defined in claims 1 and 9 
starts from a different principle, namely that of preventing direct memory access 
via bus combined with access control. 

5. Therefore, claims 1 and 9 meet the criteria set forth in Art. 33(1) PCT with respect 
to the available prior art. Claims 2-8 and 10 relate to preferred embodiments and 
therefore also meet these criteria. 

Re Item VII 

Certain defects in the international application 

To meet the requirements of Rule 5.1(a)(ii) PCT, documents D1 and D2 should 
have been identified and the relevant background art disclosed therein should 
have been briefly discussed. 

Reference signs in parentheses should have been inserted in aN the claims to 
increase their intelligibility, Rule 6.2(b) PCT. This applies to both the preamble and 
characterising portion. 

Re Item VIII 

Certain observations on the international application 

The description should have been adapted to the new set of claims. Features are 
indicated in the description as belonging to the invention, which are not defined in 
independent claims 1 and 9, see the present summary of the invention on pages 3 
- 5 and page 17, lines 23-31. The invention comprises the features of the 
independent claim, i.e. all essential, non-facultative features. Preferred 
embodiments comprise facultative features, i.e. features of the dependent claims 
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or features only defined in the description. Different definitions of the invention in 
the description and in the independent claims which could lead to unclarity which 
features are essential for the invention if the claims are read together with the 
description should have been avoided (Art. 6 PCT with Rule 6.3 b) PCT). 
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1 

Amended claims 

1. A card memory device (20) having an input/output device (1) and having embedded: 
a microprocessor (2); 

5 a plurality of memory units (5-12, 16, 17) for storage of digital data, and 

a selecting device (3, 4) for selecting one of the memory units (5-12, 16, 17) and for 
routing the address information and data to and/or from the selected memory unit (5-12, 
16, 17), characterized in that: 

the microprocessor (2) is interposed between the input/output device (1) and the 
10 selecting device (3, 4) and the microprocessor is adapted for 

routing through all data and address information sent to and sent by the card 
memory device (20), and 

for supplying address information which relates to the data sent to each selected 
memory unit (5-12, 16, 17). 

15 

2. The card memory device according to claim 1, wherein the addressing scheme for 
each memory location of a memory unit includes a parallel and a. serial portion. 

3. The card memory device according to claim 2, wherein a parallel port of the selecting 
20 device is connected to a parallel port of the microprocessor for receiving the parallel 

portion of a card memory address. 

4. The card memory according to claim 2 or 3, wherein a first serial port of the selecting 
device is connected to a serial port of the microprocessor for receiving the serial portion 

25 of a card memory address. 

5. The card memory device according to any of claims 2 to 4, wherein the selecting 
device has a plurality of second serial ports, one connected to. each memory unit via a 
serial bus and the parallel address portion defines one of the second serial ports of the 

30 selecting device. 
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2 

6. The card memory device according to any previous claim, wherein the memory 
capacity is at least 1 Mbytes. 

7. The card memory device according to any previous claim, further comprising a first 
5 set of surface contacts including a ground contact, a power source contact and a data 

input and/or output contact, and the first set corresponding to a second set of contacts in 
a card memory device reader, the ground contact of the first set being arranged to 
ground any contact of the second set before this reader contact makes contact with any 
of the power and/or data contacts. 

10 

8. The card memory device according to claim 7, wherein the ground contact on the card 
memory device surrounds the data contact on three sides. 

9. A method of using a card memory device having an input/output device and having 
15 embedded therein a microprocessor and a plurality of memory units for storage of 

digital data, the method comprising: 
selecting one of the memory units; and 

routing address information and data to and/or from the selected memory unit, 
characterized by 

20 routing through the microprocessor all data and address information set to and sent by 
the card memory device; and 

supplying address information from the microprocessor relating to the data sent to each 
selected memory unit. 

25 10. The method according to claim 9, wherein the card memory device is a card memory 
device according to any of the claims 1 to 8. 
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(57) Abstract: The present invention includes a card memory device (20) comprising a microprocessor (2). a plurality of memory 
units (5-12) for storage of digital data, the memory units (5-12) being embedded in the card memory device (20). A selecting device 
(3. 4) is provided for selecting one of the memory' units (5-12) and for routing address information and data to the selected memory 
unit (5-12). both the microprocessor (2) and the selecting device (3. 4) being embedded in the card memory device (20). The card 
memory device integrates components into a thin flexible memory card with surface contacts ( 1 ) so that the components can coop- 
erate as a compact unit providing environmental sealing and secure access to several Mbytes of digital data. A specially designed 
set ( 1 ) of contacts (21-25) are also described which reduce the risk of electrostatic discharge. The card memory device (20) may be 
used for secure control of a personal computer. 
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CARD MEMORY APPARATUS 

The present invention relates to card memories, particularly to the provision of memory 
on a flexible card having an input/output device such as surface contacts. The memory 
5 may be read/writable and no n- volatile. 

Technical background of the Invention 

There is a general requirement for storing data, particularly personal data, for 
use in various types of transactions such as health insurance, telephone calls, paying for 
10 mass transit, as well as in "set-up" boxes for satellite video or pay TV, etc. One way of 
doing this is digitally. For everyday personal use, such a digital data store should be 
compact, e.g. about as big as a conventional credit card, and must be able to: 

1) withstand moisture - at least quick immersion and/or high humidity levels, 

2) withstand dust panicles encountered in handbags, coat pockets and wallets without 
1 5 loss of performance, 

3) withstand bending without failure, e.g. when forced into a wallet, 

4) be UV resistant, 

5) withstand electromagnetic and magnetic fields produced by common household 
devices as well as small magnets without loss of data, 

20 6) to be manufactured in high volumes at a low manufacturing cost. 

There are several types of known transportable devices for storing digital data. 
The ubiquitous "floppy" diskette provides reliable access to 1.44 Mbyte of data 
storage. Although relatively robust, diskettes still require careful handling and are 
sensitive to dust and bending. Developments of higher storage capacity have been 

25 introduced, for example ZIP drives with capacities over 100 Mbytes. Removable hard 
drives such as supplied by Syquest Corporation, USA allow the storage of many 
hundreds of megabytes of data. Neither diskettes nor replaceable hard drives are 
flexible. They are sensitive to mechanical damage and dust and are not suitable for 
carrying in a coat pocket, in a wallet or in a lady's handbag for daily use. They are 

30 generally not used with terminals, e.g. Point-of Sale (POS) terminals for financial 
purposes or with other forms of data transfer, e.g. for use as identification of 
membership of a health insurance organization. 
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In addition so-called PCMCIA memory cards are known which include a 68 pin 
connector at one end, are usually electromagnetically shielded with metal layers on 
both sides, are not flexible and are about 5mm thick. PCMCIA cards with the ability to 
store several megabytes of data are known, for instance, from EP 596 276, US 
5 5,293,424, US 5,671,367, US 5,875,480. PCMCIA cards provide a high quality 

connector and metallic screening suitable for installation in lap-tops and computers and 
are highly reliable. However, their construction is expensive and they are not very 
suitable for daily use in coat pockets, wallets or ladies' handbags. 

Optical CD-ROM's have developed beyond their original read-only status and 

10 rewritable CD-ROM's are supplied by several companies, e.g. the Hewlett-Packard 
RW 8100 series. A modification to the basic idea is available which includes placing a 
CD-ROM type data recording medium on a flexible card, for example, LaserCard™ 
from Drexler Technology Corporation, USA. The disadvantage of all CD-ROM 
products is that the data may be corrupted by scratches. This makes them suitable for 

15 home storage of data, e.g. for music or video, but the surface is not sufficiently robust 
for the worst of daily uses. 

Credit cards with magnetic stripes are also well know but have a very limited 
storage capacity. Also the data may be wiped by magnets such as the types used to 
attach identification badges. Long lengths of magnetic tape have also been used 

20 successfully for storing very large amounts of data and are used daily in the form of 
cassettes for playing music. However, they have not found favor for personal storage 
of data. 

Next generation banking cards include microprocessors accessible through 
surface contacts - sometimes called "smartcards". These known devices have a higher 

25 memory capacity than a magnetic stripe card but the amount is still limited. The cards 
are flexible, sealed against moisture and have surface contacts which are not blocked 
by dust. One disadvantage of the known surface contacts is that high electrical 
potentials may be generated by static electricity and this may result in loss of data on 
discharge. To solve this problem card readers have been provided with electrostatic 

30 discharge protection as described for instance in US 5,892,216. 

Summarizing the above, there is no suitable storage device available for 
everyday use which is compact, reliable, has a large memory capacity and can be 
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produced economically. 

It is an object of the present invention to provide a digital storage device which 
is suitable for daily personal use. 

It is a further object of the present invention to provide a digital storage device 
5 which has more storage capacity than smartcards while maintaining their flexibility and 
robustness. 

It is still a further object of the present invention to provide surface contacts for 
a memory card which are better protected against electrostatic discharges. 

1 0 SUMMARY OF THE ITWENTION 

One aspect of the present invention is to integrate components into a thin 
flexible memory card with an input/output device so that the components can 
cooperate as a compact unit providing environmental sealing and secure access to 
several Mbytes of digital data. The present invention includes a card memory device 
15 comprising: a microprocessor, a plurality of memory units for storage of digital data, 
the memory units being embedded in the card memory device and a selecting device for 
selecting one of the memory units and for routing address information and data to 
and/or from the selected memory unit, both the microprocessor and the selecting 
device being embedded in the card memory device. The card memory device has an 
20 input/output device (I/O device) for receiving and for transmitting data. It is not 

anticipated that the form of the I/O device is a limitation on the present invention. For 
instance, the I/O device may comprise surface contacts for sliding introduction into a 
card reader. Alternatively, the card may be contactiess and the input/output is via 
electromagnetic radiation such as radio frequency or infra-red transmission. For radio 
25 frequency transmissions the input device will generallycomprise an antenna embedded 
in the card. An infra red input device will generally comprise a photovoltaic ceil of 
some kind for receving the infra red light and for converting it into electrical signals as 
well as a transmitting device such as an LED (light emitting diode). The power to dnv€ 
. the electronic components of the card may be provided from the incident 
30 electromagnetic radiation or may be provided by a battery. A serial port of the 

microprocessor is connected to the input device, e.g. to one of the surface contacts. 
Serial data is entered into or read out of the card memory device through the 
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microprocessor. The microprocessor is preferably a secure single chip microprocessor. 
A serial data port of the microprocessor is connected to a serial port of the selecting 
device via a first serial bus. For selecting a memory unit, a parallel port of the selecting 
device is connected to a parallel port of the microprocessor via a parallel address bus. 
A parallel portion of a memory storage location (bit) address is output or input via the 
parallel bus. The selecting device has a plurality of serial ports each one connected to a 
respective memory unit via a second serial bus. The parallel address portion defines one 
of the input/output serial ports of the selecting device and its associated serial bus and 
memory unit. Once the serial bus has been selected the microprocessor then sends 
serial address information via the first and second busses to define a digital data storage 
location of the selected memory unit. Memory units may be organized in memory 
modules, each memory module including a plurality of memory units. Each memory 
unit may include one or more memory devices, e.g. memory chips. 

The present invention also includes a card memory device comprising a first set 
of surface contacts including a ground contact, a power source contact and a data 
input and/or output contact, and the first set corresponding to a second set of contacts 
in a card memory device reader, the ground contact of the first set being arranged to 
ground any contact of the second set before this reader contact makes contact with any 
of the power and/or data contacts. The ground contact serves to discharge any 
electrostatic potential on the card memory device or on the reader. Preferably, the 
ground contact on the card memory device surrounds the data contact three sides, e.g. 
it may be "U" shaped. The power contact of the card memory device may close the top 
of the "U". 

The present invention includes the use of the card memory device described 
above for providing secure access to a personal computer. The present invention 
includes a method of secure operation of a computing device, comprising the use of a 
first card memory device having a microprocessor and a reader connected to the 
computing device for reading the first card memory device, the method comprising the 
steps of: configuring the operating system of the computing device so that operation is 
limited unless the card memory device is inserted into the reader; generating one or 
more codes relating to system information of the computing device; comparing the 
generated codes with other codes in the first card memory device, the other codes 
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indicating validated system data for the computing device; and only allowing further 
unrestricted operation of the computing device if the generated and stored other codes 
are the same. The first card memory device is preferably a card memory device 
according the present invention. In particular, it is preferably thin, flexible and 

5 environmentally sealed. Preferably the card memory device has an input device which 
may be sliding contacts in accordance with an embodiment of the present invention. 
Alternatively, the input device may be contactiess, e.g. a radio frequency wireless input 
device or an infra-red input device. Preferably, the system data includes references to 
software and/or hardware installed on the computing device. The method also 

10 preferably includes a validation step for validating the system data of the computing 
device. Preferably, if there is no match of codes, a further card memory device may be 
used to provide authentication to the computing device to update the first card memory 
device with revised codes. Preferably, the second card memory device is inhibited for 
further use after the authentication has been transferred a limited number of times, e.g. 

15 once. The computing device may be a personal computer or a terminal attached to a 
LAN or WAN. 

The dependent claims each define a separate and individual embodiment of the 
present invention. The present invention will now be described with reference to the 
following drawings. 

20 

BRIEF DESCRIPTION OF THE DRAWINGS 

. Fig. 1 is a schematic circuit diagram representation of an embodiment of the 
card memory device in accordance with the present invention. 

Fig. 2 is a possible layout of the card memory device of Fig. 1 on a card. 
25 Fig. 3 is a schematic representation of a dispatcher circuit in accordance with an 

embodiment of the present invention 

Fig. 4 A shows a parallel four bit addressing scheme for selection. of a memory 
unit in accordance with an embodiment of the present invention. 

Fig. 4B shows a three byte serial addressing scheme in accordance with an 
30 embodiment of the present invention. 

Fig. 5 is a schematic representation of a memory module in accordance with an 
embodiment of the present invention. 
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Figs. 6 A to 6E show authentication schemes which may be used with the 
present invention. Fig. 6 A shows the authentication scheme between a system and a 
memory card according to the present invention. Figs. 6B to 6E show a verification 
scheme for safe installation of software in accordance with an embodiment of the 
5 present invention. 

Fig. 7 is a schematic representation of a card reader and processing device with 
which the present invention may be used. 

Fig. 8 is a top view of surface contacts suitable for use with the embodiment of 
the present invention shown in Figs. 1 and 2. 

10 

DETAILED DESCRIPTION OF THE ILLUSTRATIVE EMBODIMENTS 

The present invention will be described with respect to certain embodiments 
and to certain schematic drawings but the present invention is not limited thereto but 
only by the claims. In particular, the card memory device will be described with 

15 reference to an 8-bit byte scheme but the present invention is not limited thereto. 

Further, the present invention will mainly be described with reference to a card memory 
device with contacts but the present invention is not limited thereto. For instance, the 
card device may have an input device which receives electromagnetic radiation such as 
radio frequency transmissions or infra-red transmissions. Where the card receives 

20 eirctromagnetic radiation the card device has a suitable receiver and transmitter, e.g. an 
embedded antenna or infra-red receiver and transmitter (LED). 

Fig. 1 shows a schematic circuit diagram of a data storage device 20 in 
accordance with an embodiment of the present invention. Fig. 2 shows a possible 
layout of the card memory device 20 on a card. The device 20 is preferably an 

25 environmentally sealed, flexible (plastic) card with an embedded microprocessor 2 and 
a plurality of embedded memory modules 5-12. The dimensions of card memory device 
20 may be similar or identical to those of other flexible "stnartcards" such as telephone 
cards or credit cards which have an embedded microprocessor, e.g. 85 mm by 55 mm 
by 1 mm thick. The card memory device 20 has an input/output device such as a set 1 

30 of surface contacts 21-25 which serve for connection it to a suitable card reader. The 
card reader may be a stand-alone reader, or may be included in a personal computer, in 
a lap-top, in a palm- top, in a terminal connected to a telecommunications network for 
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communication with a remote computer, or similar. The set 1 of contacts provides 
power input (Vcc), serial data input/output (SDA), ground potential input (Vss), a 
clock input (CLK) and a microprocessor reset (RST) connections. The microprocessor 
2 is preferably a single chip secure microprocessor of the type SCENTX SX'IS as 
5 supplied by SCENTX, USA. Included on the microprocessor chip is preferably read- 
only memory (ROM) for the storage of application programs and for all operating 
conditions for the device 20, random access memory (RAM) and optionally non- 
volatile read/write memory of which at least a part is preferably protected memory for 
the storing of data required for power up and initialization of the device 20. 
10 The power input contact (Vcc) of set 1 is connected to the power input of the 

microprocessor 2, similarly the ground potential input (Vss), the dock input (CLK) 
and the microprocessor reset (RST) contacts of set 1 are connected to equivalent pins 
of the microprocessor 2. The SDA contact of the set 1 is connected directly to the 
serial data input pin (SDA) of the microprocessor 2. Hence, all data to be read from or 
15 written into the memory modules 5-12 passes through the microprocessor 2. To access 
card memory device 20 a communication session with the microprocessor 2 is set up 
via the card reader in which communication channels are opened via the SDA contact 
of set 1 after an authentication procedure (to be described later). It is not expected that 
the method of authentication is a limit on the present invention. In particular, suitable 
20 authentication methods may include the use of public and/or private keys and/or 
specific session keys as is known to the skilled person. In addition, the present 
invention may include the requirement that the owner of the card memory device 20 is 
required to enter one or more personal identification numbers (PIN) at the card reader 
before authentication and verification is complete, In addition, the present invention 
may include a restriction on the number of times a PIN may be entered before the card 
is blocked and further access is denied. In addition, the present invention may include 
the requirement that the operator of the card reader (different from the owner of the 
card memory device 20) is additionally or alternatively required to enter a PIN, 
account, service or system number (either directly through a key pad or indirectly by 
the transmission of a code number or numbers from the memory of the card reader to 
the microprocessor 2) so that the microprocessor 2 can verify that the card reader 
belongs to a group of authenticated card readers allowed to access the data on the card 
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memory device 20. 

Embedded in the card memory device 20 is a plurality of memory modules 5-12 
one of which shown best in Fig. 5. These memory modules 5-12 may include volatile, 
e.g. RAM, or non-volatile read-only such as ROM or read/writable non-volatile 
memory units 16.' The memory units 16 may also be one-time programmable memory 
units. The memory units 16 of the memory modules 5-12 preferably do not require 
refresh. The memory modules 5-12 are preferably electrically erasable programable 
read only memory (EEPROM) modules. Each module 5-12 may be composed of 
several individual memory units 16, each memory unit 16 comprising a plurality of 
memories 17, for instance, memory chips, e.g. one module 5-12 may contain four units 
16 of eight EEPROM memories 17 each storing 32 or 64 Kbytes of digital data, e.g. 
24FC256 memory chips as supplied by Microchip USA, or the 24XA512 chips as 
supplied by Siemens Germany. Hence, a total storage capacity for each module 5-12 
may be 4 x S x 64 = 2048 Kbytes and a total for the card memory device 20 of 8 x 4 x 
15 8 x 64 Kbytes = 16 Megabyte. By changing the memory capacity of each memory 
module 5-12 or by changing the number of them, the memory capacity of the card 
memory device 20 may be easily selected between 2 and 16 Mbytes. 

To provide power (Vcc), ground (Vss), clock signals (SCL) and write protect 
(WP) for all memory modules 5-12 a card bus 14 is provided. For the microprocessor 2 
20 to address and to read and write data from and to each memory module 5-12, a system 
of parallel and serial busses 5-B ...12-B, 13, 15 is provided. The addressing scheme in 
accordance with the present invention is a novel hybrid parallel/serial address scheme. 
Each address of a memory location in a memory module 5-12 is defined by a serial 
address portion and a parallel address portion. Each memory module 5-12 is provided 
25 with a plurality of serial busses 5-B 1-4, 6-B1-4, ....12-B1-4 for carrying serial data and 
the serial portion of an address. Each memory unit 16 of each memory module 5-12 
has its own unique serial bus 5-B1-4...12B1-4. To select the required serial bus 5-B1- 
4, .... 12-B 1-4 at least one bi-directional multiplexer-dispatcher 3, 4 is provided. The 
multiplexer-dispatcher 3,4 is preferably constructed as an application specific 
30 integrated circuit (ASIC). The inputs and outputs of a multiplexer-dispatcher 3, 4 are 
shown in Fig. 3. The inputs from the microprocessor 2 include a serial data connection 
(SDA) connected to a serial bus 13 for receipt and transmission of serial data to and 
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from the microprocessor 2 and hence to and from the card memory device 20 as weil 
as receipt and transmission of the serial address portion of addresses for the memory 
modules 5-12. All communication i.e. selection of memory modules 5-12, selection of 
EEPROM chips 17 within a module 5-12 and transmission of addresses and serial data 
5 are inhibited by the appropriate signal placed by the microprocessor 2 on the INHIBIT 
connection of the multiplexer-dispatcher 3, 4. Preferably, the INHIBIT pins of 
multiplexer-dispatchers 3, 4 are ganged so that all multiplexer-dispatchers 3, 4 are 
inhibited together. This differs from the circuits described in US 5,293,424 in that in 
these known circuits each memory module includes a lock circuit and so denial of 
10 access to one memory module does not prevent access to other memory modules. 
Also, it differs from the known circuits of US 5,671,367 and US 5,875,480 in which 
the address bus may be blocked to the memory on the card, but the serial data bus 
remains open to the memory. 

Optionally, after inhibiting the multiplexer-dispatcher(s) 3,4, the microprocessor 
15 2 may write a flag to a register in its protected non- volatile memory so that on power- 
up of the microprocessor 2, it reads the state of the flag in its memory, and if the flag 
has been set, microprocessor 2 inhibits the operation of multiplexer-dispatchers 3, 4, 
i.e. so that power down and power-up will not lift the blocked communication state. A 
special procedure may be necessary to release the card memory device 20 from its 
20 inhibited state. 

Parallel pins A, B, C, D of the multiplexer-dispatcher 3, 4 are connected to the 
parallel bus 15 from the microprocessor 2. These are provided for the parallel portion 
of the addressing scheme in accordance with the present invention. An appropriate 
signal (logic 1 or 0) on the FOLLOW pin of the multiplexer 3, 4 prevents a change in 
25 the address selected by the dispatcher 3, 4 until the signal changes to the other logical 
value. 

Each multiplexer-dispatcher 3, 4 has 16 serial data outputs 18 labeled SDA0-3 
organized in banks of four. Each serial data output 18 is routed to one of the four 
memory units 16 of a memory module 5-12 via its unique serial bus 5-B1-4.... 12-B1-4. 
30 Each bus 5-B1-4 ....12-B1-4 is connected to the respective pin SDA0-SDA3 of the 
relevant memory module 5-12 and the respective pin SDA0-SDA3 of the 
multiplexer/dispatcher 3, 4. Which serial bus 5-B1-4....12B1-4 is selected depends on 
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the parallel portion of the memory card address which is availaDle on the parallel bus 
15 from the microprocessor 2. The parallel portion of a memory card address is shown 
schematically in Fig, 4 A. The four bits provide 16 different addresses. For example, 
0000 may select the memory unit 16 defined by the bank 0, SDA0 pin of the 
5 multiplexer/dispatcher 3. This pin is connected to serial bus 5-B1 and the pin SDA0 of 
the memory module 5. 1111 selects the memory unit 16 defined by the bank 3, SDA 3 
pin of the multiplexer/dispatcher 3 which is connected to the serial bus 8-B4 for 
connection to the memory unit 8. Hence, the parallel portion of the memory address 
determines which of the 4 x 4 « 16 5 12 Kbytes memory units 16 are selected. Each 
10 memory unit 16 includes up to 8 x 64 Kbytes EEPROM memories 17. 

The serial portion of the addressing scheme of the card memory device 20 may 
be as shown in Fig. 4B (3 byte serial address). The first 4 bits of the first byte may be 
used to define any suitable parameter, e.g. a manufacturer's code, for instance 1010 for 
the initialisation of the serial port of an EEPROM. The next three bits determine which 
15 of the eight 64 Kbytes EEPROM memories 17 is selected from one 512 Kbytes 

memory unit 16. The final bit of the first byte determines whether a read or write is 
performed. The next two bytes (the address high and low bytes) determine which of the 
64 Kbytes storage locations of a particular memory 17 are to be written or read. 

A representative memory module 5 is shown schematically in Fig. 5. Each of 
20 the serial busses 5-B1-4 is connected to one of the pins SDA0-3 of the four memory 

units 16. Each memory unit 16 comprises at least one memory 17. The connections for 
power (Vcc and Vss) to the memories 17 and for the clock input (SCL) are connected 
to the card bus 14 and hence with the set 1 of contacts. The write protect (WP) pin of 
the memory module 5 is connected to the respective pin of the microprocessor 2. 
25 The card memory device 20 may be operated in several different modes each 

one of which is a separate embodiment of the present invention. Firstly, the 
microprocessor 2 may convert each memory address requested via the card reader into 
the hybrid card address described above using an algorithm. For instance the 
microprocessor 2 has a resident program stored in its ROM for calculating a hash or 
30 one way function. This algorithm may be based on a key which is stored in the ROM or 
more preferably in the protected read/write memory of the microprocessor 2 at 
manufacture thereof The key used for each card memory device may be different even 
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if the same algorithm is used. On receipt of an address for reading or writing the 
microprocessor 2 operates on the input address and generates therefrom the four bit 
parallel portion of the memory card address as well as the three byte serial portion of 
the memory card address as shown in Figs. 4 A and B using hash or one way functions. 
5 The microprocessor 2 then uses this encrypted hybrid address for reading or writing 
the data. By this means the actual data stored in any one memory module 5-12 is 
pseudorandomly sorted so that attempts to analyze the data on the card 20 by external 
probes will be fruitless. Further, even if the operation of one card memory device 20 is 
analyzed it gives no indication of how other cards operate. Firstly, one of the 
10 properties of hash functions or one way functions is that it is almost impossible to 

derive the function from its results. Secondly, the operation of the hash function or one 
way function depends upon the value of the key stored in the protected memory of the 
microprocessor 2 so that the address encryption is different for each card memory 
device 20. Where the memory modules 5-12 are RAM modules, i.e. the data is lost on 
1 5 power down, the key for generating the encrypted addresses may be changed randomly 
on power-up so that the encrypted addressing differs from session to session. 

In a second mode, which may be optionally combined with the first mode, the 
microprocessor 2 allocates a block of addresses of the memory modules 5- 12 when a 
write request is received. If a later write address is within the same block, the 
20 microprocessor 2 selects that block again. If the later requested write address lies 

outside the first block, the microprocessor 2 creates a second block of addresses. The 
microprocessor 2 continues with this procedure until ail the memory locations of card 
memory device 20 have been allocated. By this procedure the card memory device 20 
can operate with a computer or other microprocessor which has a greater addressing 
25 range than is provided by the card memory device 20. By creating blocks, widely 

differing blocks of addresses of the computer or other microprocessor may be allocated 
onto the card memory device 20. To keep track of the blocks, i.e. the memory map of 
the card memory device 20, the microprocessor 2 may record the blocks, their sizes 
and the addresses to which they correspond in its protected non- volatile read/wnte 
30 memory. 

In a third mode of operation, the microprocessor may have a data compression 
application program stored in its ROM or read/write non- volatile memory. This 
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application may be called to compress data on writing and to decompress data on 
reading. The host computer or terminal which includes the card reader for 
communication with the card memory device 20 does not require knowledge of the 
compression algorithm which is handled completely by the microprocessor 2. 

5 Similarly, in a fourth mode of operation microprocessor 2 may include an 

encryption and decryption algorithm for encrypting data before writing and decrypting 
read data. This improves the security of the data on the card 20. Not only is the data 
then pseudorandomiy distributed among the memory modules 5-12 by application of 
the first mode of operation but also the data is encrypted. The key or keys for the 

10 encryption algorithm may be stored in the non- volatile read/write memory of the 
microprocessor 2 on initialization of the card memory device 20, e.g. during 
manufacture. Protected read/write memory on the microprocessor chip of the card 
memory device 20 may be used for temporary storage of intermediate results typically 
generated by encryption algorithms. 

15 To improve the security of the memory card device 20 still further, the 

microprocessor 2 is preferably programmed to carry out an authentication routine 
when card memory device 20 is introduced into a card reader. As indicated above, it is 
not anticipated that the type of authentication will affect the present invention 
materially. 

20 Fig. 6A is a schematic flow diagram of one possible authentication scheme in 

accordance with an embodiment of the present invention. The memory card 20 is 
placed- in a suitable card reader 3 1 which is part of a processing device 30 such as a 
personal computer as shown schematically in Fig. 7. The card reader may be for 
physically contacting a set of contacts on the card device 20 or it may be a remote 
25 reading device such as those which use electromagnetic radiation to communicate. The 
processing device has a microprocessor 32. Software programs are pre-loaded into the 
memories of both the processing device 30 and the microprocessor 2 on the card 20. 
After power-up of the microprocessor 2 via the Vss and Vcc contacts 21, 25 using 
.power supplied from the reader 3 1, the authentication program starts on 
30 microprocessor 2 of the card device 20. The authentication scheme shown in Fig. 6 A 
allows verification of both the card 20 and the processing device 30 as well as the 
software programs running thereon but the present invention is not limited thereto. For 
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instance, the verification could be restricted only to the card 20. In step 33, the 
microprocessor 2 requests the entry of a code A, e.g. a personal identification code 
(PIN) from the user. The user then inputs the code A. Similarly, the card 20 may 
request a code B in step 34 from the processing engine 30 in order to check that the 
processing engine 30 is a verified one. Both code A and B are compared with pre- 
stored codes in the memory of the microprocessor 2 on card 20 in step 35. If code A is 
verified as correct the microprocessor 2 on card 20 generates a user acceptance code 
36 which is stored for this session. If code B is correct the microprocessor 2 generates 
a processor acceptance code 37 which is transmitted to the processing device 30. If 
either of the codes is incorrect, a non-acceptance code is generated and two further 
entry attempts are permitted. If either of the microprocessor 32 of processing engine 
30 or microprocessor 2 are blocked (due to previous fraudulent use) ail activity stops. 
The results of the acceptance code control is finally checked by the processing engine 
30 in step 39 and by the microprocessor 2 in step 38. If no correct code A or code B 
has been entered after three tries the respective one of the microprocessor 2 and the 
processing device 30 outputs a blocking code A3, B3, respectively and all activity 
stops. As part of steps 38, 39 a further check is made that the card 20 and/or the 
processing engine 30 have not been modified in a fraudulent manner. To achieve this 
the input of further codes 40, 41 are requested from the card 20 and the 
microprocessor 32 of the processing device 30. Transfer of these codes may occur 
without user intervention. The codes 40, 41 may be generated by a suitable algorithm 
from the registry numbers of software programs running on the microprocessor 2 and 
the microprocessor 32 of processing engine 30 as well as from the reference numbers 
of hardware such as hard disks. Alternative methods of generating codes 40, 41 using 
data available in the microprocessor 2 and the processing engine 30 in order to identify 
any change in the programs running on either are included within the scope of the 
present invention. Codes 40, 41 may be large in size. They are therefore preferably 
stored in the memory of the memory modules 5-12 of the card device 20 in accordance 
with the present invention. Microprocessor 2 on the card device 20 then compares the 
stored and received codes 40, 4 1 . 

If the final check indicates that all codes are correct, access to the programs of 
the card 20 and the processing engine 30 are allowed in steps 42 and 43 respectively. 



WO 00/075881 



PCT/EP00/05017 



14 

In this case final complete acceptance codes 44, 45 are generated. 

Fig. 6B is a schematic flow diagram of the use of the card 20 to instantiate a 
new personal computer 30 and validate its software and/or hardware after purchase in 
which the processing device 30 is a personal computer shown schematically in Fig. 7. 
The personal computer 30 is configured for safe access by a user possessing a card 
memory device 20 in accordance with the present invention. To maintain security the 
personal computer 30 cannot run unless a validated card 20 is inserted in the reader 31. 
Card 20 also checks that software running on personal computer is authorized 
software. When the user purchases the computer he/she is provide with a security card 
device 48 which may be a card memory device 20 in accordance with the present 
invention. The card 48 has software programs loaded into the microprocessor 2 for 
carrying out the verification and validation functions described with respect to the 
present invention. The user is also provided with one or more "temporary cards" 47. 
Temporary card 47 may also be a card memory device 20 in accordance with the 
present invention. The purpose of the temporary card 47 is to allow an update of card 
48 with validation data. Once the update is completed the data on card 47 is destroyed 
and the card is blocked from further use, e.g. by permanently invoking the INHIBIT 
function mntioned above. 

The personal computer 30 is started in step 46 and the operating system halts 
until a security card 48 is inserted in the reader 31. The card 48 is powered up and the 
verification program starts to run automatically on microprocessor 2 of card 48. Card 
48 requests at least one code AO, B0, CO from the personal computer 30. The codes 
AO B0, CO are preferably generated by the personal computer 30 from system data on 
the personal computer 30 which provides an identification of the personal computer 
and the software running thereon. For example, code AO may be generated from the 
number of the BIOS of the personal computer, the code B0 from the number or 
hardware, e.g. the hard disk of the personal computer and code CO may. be generated 
from the registration numbers of the software rurining on the personal computer 30, 
e.g. the operating system such as Microsoft's "Windows" graphical user interface. 
Code CO may be a concatenation of all the other codes AO, B0. The card 48 
interrogates its read/write non-volatile memory e.g. like the memory modules 5-12 of a 
card memory device 20 in accordance with the present invention, to retrieve the code 
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or codes AO, BO, CO. On first instantiation of the personal computer 30 these codes 
will not be present on card 48. Card 48 then requests insertion of the temporary card 
47 into reader 3 1 . Card 48 is then removed from reader 3 1 and card 47 is inserted. 
Card 47 provides the authorization to computer 30 to load the codes AO, BO, CO one 
time onto card 48. Once computer 30 has received this authorization, ail data on card 
47 is destroyed and the card is blocked in step 49, e.g. by permanent inhibition using 
the INHIBIT function described above. Card 48 is substituted for card 47 in the reader 
31 and codes AO, BO, CO are written to the read/write non-volatile memory of card 48. 
The card 48 is now initialized with the codes AO, BO, CO. Any attempt to change any 
sofrware running on computer 30 will change one or more of the codes AO, BO, CO 
and the card 48 will generate an error message on start-up. 

The next start-up of the computer 30 is shown in Fig. 6C. The computer 30 is 
started in step 5 1 and the operating system halts until card 48 is inserted in reader 3 1 . 
Card 48 then checks if it has the required one or more codes AO, BO, CO stored in its 
non-volatile memory. Codes AO, BO, CO represent validated sofrware and/or hardware 
on computing device 30. As it has been initialized, the card 48 has these codes already 
stored in the modules 5-12. Card 48 then requests input of the one or more codes AO, 
BO, CO from personal computer 30. These codes are generated from the system 
information of computer 30 as described above and transmitted to card 48 in step 52. 
In step 53, the received and stored codes AO, BO, CO are compared by the card 48 and 
if they are correct the card 48 provides the necessary instructions for the computer 30 
to continue operation in step 54. If the codes AO, BO, CO do not match, the computer 
30 is halted in step 55. 

To prevent unauthorized cards 48 being used the above scheme may be 
modified by the addition of a random number RAND which is supplied by the 
computer 30 as well as the one or more codes AO, BO, CO. If the codes are correct the 
card 48 operates on the random number with an algorithm such as a one-way function 
or a hash code. The result Sres of this operation is transmitted to personal computer 
.30. Personal computer 30 calculates Sres from the random number and the same 
algorithm. Is the received and calculated Sres match then the computer 30 may 
continue operation. If card 48 determines that one of codes AO, BO, CO is incorrect, a 
random number Srand is generated having the same format as Sres and transmitted to 
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the computer 30. When computer calculates Sres from RAND and compares with 
Srand it determines that they are different and operation is blocked. 

Fig. 6D is a schematic diagram of how a new software program is installed on a 
computer as well as validating this software with the security card 48 . The software is 
5 provided with a further temporary card 47 as described with respect to Fig. 6B. The 
starting point is an actively running computer having completed step 54 of Fig. 6C. The 
new software is installed on the computer 30 in step 57. At the end of loading the 
revised relevant code AO, B0, CO is calculated from the registration number of the new 
software. The computer 30 then halts and requests entry of the temporary card 47 in 

10 step 58. Card 47 is inserted in reader 3 1 and provides computer 30 with the necessary 
authorization to load the revised code or codes AO, B0, CO onto security card 48. 
Computer 30 then destroys all data on card 47 in step 59 and card 47 is blocked in step 
59, e.g. by permanent setting of the INHIBIT function mentioned above. Card 47 is 
now removed from reader 3 1 and card 48 inserted. The computer 30 then writes the 

15 new code(s) AO, B0, CO onto card 48 in step 60. Card 48 is now initialized with the 
updated codes AO, B0, CO. These represent validated system data for personal 
computer 30. 

The reinstallation of software onto computer 30 is shown schematically in Fig. 
6E. Let us assume that due to a virus or for some other reason certain programs have 

20 been corrupted on personal computer 30. In 62 the software is reinstalled. In step 63 
the relevant code or codes AO, B0, CO are calculated by personal computer 30 for the 
re-installed software. This code or codes is checked with the code or codes already 
stored on the card 48 in step 64. If they agree the operation of computer 30 is 
continued in step 65. If the codes are incorrect the computer may be halted in step 66 

25 and for example the entry of a temporary card 47 may be requested. 

The description above with respect to Figs. 6A to E has been made with 
reference to a single user and a single personal computer. The above methods and 
hardware can be extended to include the use of a single security card 48 with a plurality 
of computers. For example, the employees of a company may be provided with security 

30 cards 48 which operate with a group of computers. Each card then has a copy of all the 
codes AO, B0, CO for all the computers with which it is to work. By this means a user 
may log-on to any computer in the group. Further, the use of security card 48 may be 
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extended for use with a local or wide area network provided the relevant codes 
identifying the respective LAN, WAN are available and stored on card 48. 

Fig. 8 is a schematic top view of surface contacts 21-25 of set 1 for use with 
the card memory device 20 in accordance with an embodiment of the present invention. 
5 Preferably, the ground contact 21 (Vss) is placed on the card in such a way that it 

enters the card reader first when the card memory device 20 is inserted into the reader. 
The memory card device 20 is intended to be inserted into a card reader having a slit 
opening designed to allow sliding entry by memory card device 20 but to prevent entry 
by other objects. The ground contact 21 is therefore preferably placed closest to one 

10 edge of the card memory device compared to the other contacts. 22-25. The ground 
contact 21 is preferably "U" shaped and encloses the clock signal contact 22 (CLS) the 
serial data input/output contact 23 (SDA) and the reset contact 24 (RST) on at least 
three sides. The order of the reset, data input/output and clock contacts 22-24 is not 
considered to be a limitation on the present invention. The power contact (Vcc) 25 

15 may be placed across the top of the "U" of the ground contact 21 as shown in Fig. 8. 
Preferably the power contact 25 is placed furthest from the side of the car memory 
device which first enters the card reader. The contacts 2 1 -25 may be made from any 
suitable material conventionally used for surface contacts of smartcards, credit cards, 
telephone cards or similar and will usually be a copper alloy. By placing the ground 

20 contact 21 in such a position that any metal part of the reader will contact the ground 

contact 21 first, electrostatic voltages will be discharged and the risk of data loss on the 
card 20 by electrostatic discharge will be reduced. 

The card memory device 20 according to the present invention provides an 
environmentally sealed memory card of several Mbytes of data (at least 1 MBytes) 

25 which may be carried on the person in the usual way like credit cards, e.g. it may be 
stored in wallets, handbags, coat pockets etc. without loss or corruption. The card 
memory device 20 in accordance with the present invention may find advantageous use 
as security cards for controlling the operation of personal computers, as any form of 
card storing personal data such as health insurance cards, data cards for vehicles, e.g. 

30 recording the mileage and driving times of commercial vehicles, as a card for storing 
computer programs, as a card for storing text documents such as books, etc. 
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Claims 

1. A card memory device having an input/output device and having embedded: 
a microprocessor; 

5 a plurality of memory uniis for storage of digital data; and 

a selecting device for selecting one of the memory units and for routing the address 
information and data to and/or from the selected memory unit, wherein the 
microprocessor is interposed between the input/output device and the selecting device 
and is adapted for passing through data to be sent from and received by the card memory 
10 device and for supplying address information for the data sent to each memory unit. 

2. The card memory device according to claim 1, wherein the addressing scheme for 
each memory location of a memory unit includes a parallel and a serial portion. 

15 3 . The card memory device according to claim 2, wherein a parallel port of the selecting 
device is connected to a parallel port of the microprocessor for receiving the parallel 
portion of a card memory address. 

4. The card memory according to claim 2 or 3 , wherein a first serial port of the selecting 
20 device is connected to a serial port of the microprocessor for receiving the serial portion 

of a card memory address. 

5. The card memory device according to any of claims 2 to 4, wherein the selecting 
device has a plurality of second serial ports, one connected to each memory unit via a 

25 serial bus and the parallel address portion defines one of the second serial pons of the 
selecting device. 

6. The card memory device according to any previous claim, wherein the memory 
capacity is at least 1 Mbytes. 

30 

7. The card memory device according to any previous claim, wherein the input/output 
device comprises a first set of surface contacts including a ground contact, a power 
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source contact and a data input and/or output contact, and the first set corresponding to 
a second set of contacts in a card memory device reader, the ground contact of the first 
set being arranged to contact any one contact of of the second set before this reader 
contact makes contact with any of the power and/or data contacts. 

5 

8. The card memory device according to claim 7, wherein the ground contact on the card 
memory device surrounds the data contact on three sides. 

9. A card memory device comprising: 

10 a first set of surface contacts inciuding a ground contact, a power source contact and a 
data input and/or output contact, the first set corresponding to a second set of contacts 
in a card memory device reader, the ground contact of the first set being arranged to 
make contact with any contact of the second set before this reader contact makes contact 
with any of the power and/or data contacts. 

15 

10. The card memory device according to ciaim 9, wherein the ground contact on the 
card memory device surrounds the data contact on three sides. 

1 1 . A method of secure operation of a computing device, comprising the use of a first 
20 card memory device having a microprocessor and a reader connected to the computing 

device for reading the first card memory device, the method comprising the steps of: 
configuring the operating system of the computing device so that operation is limited 
unless the first card memory device is inserted into the reader; 

generating one or more codes relating to system information of the computing device; 
25 comparing the generated codes with other codes in the first card memory device, the 
other codes representing validated system data for the computing device; and 
only allowing further unrestricted operation of the computing device if the generated and 
stored other codes are the same. 

30 12. The method according to ciaim 1 1, wherein the first card memory device is a card 
memory device according to any of the claims 1 to 10. 
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